package com.seed.auth.web.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import com.alibaba.fastjson.JSON;
import com.seed.auth.entity.TAuthUser;

@RestController
@RequestMapping("auth")
public class AuthController {
    // /authc/** = authc 任何通过表单登录的用户都可以访问 sdf
    @RequestMapping("anyuser")
    public String anyuser() {
        Subject subject = SecurityUtils.getSubject();
        TAuthUser user = (TAuthUser) subject.getSession().getAttribute("user");
        return JSON.toJSONString(user);
    }

    // /authc/admin = user[admin] 只有具备admin角色的用户才可以访问，否则请求将被重定向至登录界面
    @RequestMapping("admin")
    public String admin() {
        Subject subject = SecurityUtils.getSubject();
        TAuthUser user = (TAuthUser) subject.getSession().getAttribute("user");
        return JSON.toJSONString(user);
    }
}